What is a virtualized process?

10

3

I have MinGW and MSYS installed and never really cared about how the binaries work. However, today I opened Process Explorer and realized that I have some virtualized processes:

Process list

I know that usually make/gcc/sh/mintty are for POSIX/Unix-like systems, however I thought that the MinGW/MSYS projects would provide native executables. Virtualized is usually a term I associate with virtual machines and it confuses me a little bit. The task manager actually calls the corresponding column "UAC virtualization".

So what does the virtualized flag in Windows mean? Is it some kind of compatibility layer for pre-Vista executables?

Zeta

Posted 2012-10-20T10:55:31.440

Reputation: 207

Short answer: yes, it's a compatibility layer for pre-Vista executables. (Slightly longer answer: because many such executables assumed the process would always have administrator privilege, which in Vista was much less likely to be true.) – Harry Johnston – 2012-10-20T22:06:53.710

Answers

8

It's basically a file system and registry 'wrapper' that redirects file write attempts if the user does not have the correct write permissions. See the Wikipedia article about UAC for more information:

Applications written with the assumption that the user will be running with administrator privileges experienced problems in earlier versions of Windows when run from limited user accounts, often because they attempted to write to machine-wide or system directories (such as Program Files) or registry keys (notably HKLM). UAC attempts to alleviate this using File and Registry Virtualization, which redirects writes (and subsequent reads) to a per-user location within the user's profile.

For example, if an application attempts to write to a directory such as "C:\Program Files\appname\settings.ini" to which the user does not have write permission, the write will be redirected to "C:\Users\username\AppData\Local\VirtualStore\Program Files\appname\settings.ini". The redirection feature is only provided for non-elevated 32-bit applications, and only if they do not include a manifest that requests specific privileges.

Journeyman Geek

Posted 2012-10-20T10:55:31.440

Reputation: 119 122

Nope. There is no redirection of "Program Files (x86)" to "Program Files". There is redirection from C:\Windows\System32 to C:\Windows\SysWOW64, but in fact this refers to the WOW64 redirector, not to the virtualization redirector. – Maximus – 2012-10-20T11:56:46.247

7

Journeyman Geek explains what virtualization is. I'll explain how Windows determines the need for virtualization.

The OS looks in the application's manifest file (or PE resource), and if the manifest is not found at all or does not have a proper compatibility section, Windows assumes that the application is "old" and enables virtualization.

<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
  <application>
    <!-- Windows Vista -->
    <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
    <!-- Windows 7 -->
    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
  </application>
</compatibility>

PS. Virtualization also works for the registry: (sub)keys of HKEY_LOCAL_MACHINE are redirected to HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE.

Maximus

Posted 2012-10-20T10:55:31.440

Reputation: 19 395
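
The following is an added example, not code from either answer or from Windows. It models the rules on this page for triage: the conditions from the quoted passage (32-bit, non-elevated, no manifest requesting privileges) and the file and registry redirect targets. It also reports separately whether a manifest carries the compatibility section shown in the second answer. The function names and sample manifests are constructed for illustration.

```python
"""Added example: model of the UAC virtualization rules described on this page."""
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample: a manifest that requests an execution level.
MANIFEST_WITH_LEVEL = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>
    <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
  </requestedPrivileges></security></trustInfo>
</assembly>"""

# Constructed sample: wraps the compatibility section quoted in the second answer.
MANIFEST_WITH_COMPAT = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application>
    <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
  </application></compatibility>
</assembly>"""


def manifest_signals(manifest_xml):
    """Return (requests_privileges, declares_supported_os); None/empty means no manifest."""
    if not manifest_xml:
        return (False, False)
    # Compare local names so the check does not depend on the namespace version used.
    names = {el.tag.rsplit("}", 1)[-1] for el in ET.fromstring(manifest_xml).iter()}
    return ("requestedExecutionLevel" in names, "supportedOS" in names)


def is_virtualization_candidate(manifest_xml, is_32bit=True, elevated=False):
    """Conditions from the quoted passage; a model for triage, not a Windows API."""
    requests_privileges, _ = manifest_signals(manifest_xml)
    return is_32bit and not elevated and not requests_privileges


def virtualstore_file(path, local_appdata):
    """Where a denied write to `path` lands, given the user's Local AppData directory."""
    parts = PureWindowsPath(path).parts[1:]  # drop the drive/root component
    return str(PureWindowsPath(local_appdata, "VirtualStore", *parts))


def virtualstore_key(key):
    """Per-user key for an HKEY_LOCAL_MACHINE key, or None for other hives."""
    hive, _, rest = key.partition("\\")
    if hive.upper() != "HKEY_LOCAL_MACHINE":
        return None
    return "HKEY_CURRENT_USER\\Software\\Classes\\VirtualStore\\MACHINE\\" + rest
```

When auditing a machine, the same mapping applied in reverse to files found under a user's VirtualStore directory shows which machine-wide locations a legacy application believed it was writing to.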